DOCSLIB.ORG

Islamic Republic of Iran October 2017

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

October 2017 Islamic Republic of Iran Chief of State: Supreme Leader Ali Hoseini-Khamenei Government: Theocratic Republic Capital: Tehran National Holiday: 1st April1 GDP by sector: Agriculture (9.1%), Industry (39.9%), Services (51%) Export Partners: China (22.4%), India (8.7%), Turkey (8.5%), Japan (4.5%) Import Partners: UAE (39.5%), China (22.3%), South Korea (4.7%), Turkey (4.6%) Top Exports: Petroleum (80%), Chemical and petrochemicals, fruit and nuts, carpets, cement, ore2 Conflict areas: Syria, Iraq, Yemen, Israeli occupation of Palestine, US interference, Saudi Arabian influence Major Religions: Muslim (99.4%) — Shia (90 – 95%), Sunni (5 – 10%), other (Zoroastrian, Jewish and Christian)3 Current Landscape International Relations part they have an abundance of conventional missiles6. However, the goal to become a nuclear power is in Iran’s foreign policy with its neighbours and globally alignment with its regional ambitions to have better US is entrenched in a number of issues. One that it is deterrence and more regional political leverage. The dominated by the petrochemical industry, nuclear Joint Comprehensive Plan of Action (JCPOA), set forth enrichment, an ideological framework, regional turmoil requirements for Iran to halt its uranium enrichment, and relative isolation4. Since the fall of the Soviet and make efforts to alter regional activities, including Union and the increased presence of US troops in the supporting proxy groups and terrorist organisations, for region, it has had to handle perceived existential threat some sanctions relief. The US Trump administration has from the US and its allies and a unique set of regional adopted an oppositional outlook towards Tehran once influences5. Overall Iran experiences cordial relations again however, as evidenced by changing their position with South Caucasus and Central Asia, underpinned on the JCPOA. by a pragmatic outlook that does not want to upset Moscow or Beijing. It sees Armenia as its “gateway to Internal security posture Europe” and Turkmenistan as its “gateway to Central Asia”. Iran prioritises relations from the Persian Gulf Securing control of its internal political space is a top and Levant alongside Turkey. It sees Israel and Saudi priority for the Iranian regime. The ability to cause soci- Arabia as threats to its existence and its future as the etal discontent through online communication channels, dominant regional power. Iran’s nuclear ambitions have and generate conflict was felt keenly by the Middle East been the cause for ongoing international sanctions in the aftermath of the Arab Spring in 2011. Since then, against its financial, petrochemical, transportation and Iran has invested in internal internet governance and shipping sectors. Reports surrounding their enrichment pursued a hard-line stance against perceived dissident program suggest the country is a long way off equipping or anti-revolutionary activity. The Islamic Revolutionary missiles with nuclear warheads and that for the most Guard Corps (IRGC) website details some of the country’s 1. A public holiday celebrating the establishment of the Islamic Republic in 1979 2. https://www.cia.gov/library/publications/the-world-factbook/geos/ir.html 6. https://www.cia.gov/library/publications/the-world-factbook/geos/ir.html 4. https://csis-prod.s3.amazonaws.com/s3fs-public/publication/170421_Farhi_Iranian_Power_Projection.pdf 5. https://csis-prod.s3.amazonaws.com/s3fs-public/publication/160420_Milani_IranReconnectingEurasia_Web.pdf 6. https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cordesman_IranRocketMissileForces_Web.pdf 1 © 2017 Anomali, Inc. All rights reserved. strategy in this area, and justifies its goals as helping to all voiced opposition to Trump’s unilateral stance. During define parameters for “acceptable culture”7. The pur- 2016 the economy experienced a notable recovery. suit of internal control has led to the implementation of the National Information Network (NIN). This is based National Cyber-Strategy on ideas to monitor internet usage, and block subver- Iran’s attention was drawn to the development of its sive content, not unlike SORM of Russia and the “Great own offensive and defensive cyber capability after being Chinese Firewall”. The data captured by this national attacked by the Stuxnet virus, followed by Duqu and intranet can be accessed by the country’s intelligence Flame. The government pledged $1 billion investment and law enforcement agencies8. Freedom of expression in 201113, creating the Supreme Council of Cyberspace is regularly reported as being restricted as well. Iranian (SCC), Cyber Headquarters (under the Armed Forces legislation makes many non-violent crimes punishable General Staff), Cyber Command, the Basij cyberspace by death. Many ordinary users of social media have been council, Cyber Police FETA and began recruiting talent brought to the IRGC or arrested for making comments into the industry. ICT ministries cooperated with the on controversial issues (such as fashion)9. In 2016 Iran AFGS Cyber Headquarters to monitor vulnerabilities carried out the largest mass executions in years. Despite and threats to infrastructure. The SCC works with the being considered a moderate, President Rouhani has National Center of Cyberspace under the direction of been accused of not doing enough to counter the more President Hassan Rouhani and Secretary Abolhassan hard-line actions of the judiciary or the IRGC10. Firouzabadi, coordinating and implementing cyberspace 14 Economy policy in Iran . The MAHER/ Iran National CERT is responsible for incident response15. Since Stuxnet, Iran Iran is the second largest economy (after Saudi Arabia) has matured into one of the more advanced actors in the Middle East and North African region (MENA), globally, not afraid of being offensively oriented. and has the second largest population after Egypt11. The country relies heavily on oil revenues. Rigorous imple- mentation of sanctions over the last several years have Iranian Intelligence and Cyber been hard hitting on the economy. Between 2011 and Services 2014 the currency took a nosedive as the Rial lost 80% of The fast development of Iran’s cyber capability has meant its value against the dollar12. Iran has the second largest that a number of organisations have been either created proven natural gas deposits globally, and could counter or have developed their own subdivisions to carry out the impact of sanctions on oil, but it requires foreign activity. The Supreme National Security Council under investment. Due to the sanctions, many countries and the auspices of the Supreme Leader Khamenei, seems companies have shied away from investing in Iran’s gas to oversee all of the different intelligence services. The deposits. Despite some gains under previous sanc- most prominent intelligence service seems to be the tions in the international community’s eyes, present US Ministry of Intelligence and Security (MOIS), which works leadership does not seem to articulate a very promising in conduit with the Islamic Revolutionary Guard Corp’s outlook. However, Europe, Russia, China and India have (IRGC) Quds-Force and intelligence unit. Supreme National Security Council (SNSC) Head: Supreme Leader Ali Hoseini-Khamenei President: President Hassan Fereydoon Rouhani Areas of Concern: To “watch over the Islamic revolution and safeguard the Islamic Republic of Iran’s national interests”. To “coordinate political, intelligence, social, cultural, and economic activities”16 7. https://www.aei.org/publication/iran-comprehensive-legal-system-for-internet-and-cyberspace/ 8. https://www.iranhumanrights.org/2016/10/ten-things-you-should-know-about-irans-national-internet-project/ 9. https://www.hrw.org/world-report/2017/country-chapters/iran 10. https://freedomhouse.org/report/freedom-world/2017/iran 11. http://www.worldbank.org/en/country/iran/overview 12. https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/140122_Cordesman_IranSanctions_Web.pdf 13. https://www.files.ethz.ch/isn/154842/No375_15OCT2012.pdf 14. http://techrasa.com/2017/08/27/all-you-need-know-about-internet-censorship-iran/ 15. https://www.files.ethz.ch/isn/154842/No375_15OCT2012.pdf 16. http://www.iranonline.com/iran/iran-info/government/Supreme-National-Security-Council.html 2 © 2017 Anomali, Inc. All rights reserved. Ministry of Intelligence and Security Minister: Seyyed Mahmoud Alavi17 Headquarters: Mehran, Tehran, Tehran Province, Iran Type of Service: Domestic intelligence service Areas of Concern: Intelligence collection and analysis, counter-intelligence, disinformation, works with Quds-Force, to identify antirevolutionary forces, provides resources to proxy-groups (Hamas, Hezbollah etc.) 18 Branches: Counterintelligence Directorate, Oghab 2 Islamic Revolutionary Guard Corps (IRGC) Chief Commander: Maj. Gen. Mohammad Ali Jafari19 Areas of Concern: Defending the regime, Military operations, HUMINT, SIGINT20 Branches: Land force, Navy, Airforce, Intelligence Unit, Quds-force (special forces), Basij (has cyberspace council21)22 Associated Groups: Iran Cyber Army (ICA)23/ Iran cybersecurity division24 25 26, Ashiyane Digital Secuirty Team27 28, Hizbullah Cyber Army, Qassam Cyber Fighters, Virtual Anonymous Jihad29, APT33?30, Rocket Kitten? 31 32 Campaigns: Operation Cleaver, Shamoon, Operation Ababil, Saffron Rose, Newscaster, Diginotar, Comodo33, Operation Wilted Tulip34 Cyber Police FATA Chief: Seyyed Kamal Hadianfar Headquarters: Police Headquarter, Attar street,
Recommended publications
  • Potential Human Cost of Cyber Operations

    Potential Human Cost of Cyber Operations

    ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS REPORT ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Report prepared and edited by Laurent Gisel, senior legal adviser, and Lukasz Olejnik, scientific adviser on cyber, ICRC THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Table of Contents Foreword............................................................................................................................................. 3 Acknowledgements ............................................................................................................................. 4 Executive summary ............................................................................................................................. 5 Introduction....................................................................................................................................... 10 Session 1: Cyber operations in practice .………………………………………………………………………….….11 A. Understanding cyber operations with the cyber kill chain model ...................................................... 11 B. Operational purpose ................................................................................................................. 11 C. Trusted systems and software supply chain attacks ...................................................................... 13 D. Cyber capabilities and exploits ..................................................................................................
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
  • Crowdstrike Global Threat Intel Report

    Crowdstrike Global Threat Intel Report

    TWO THOUSAND FOURTEEN CROWDSTRIKE GLOBAL THREAT INTEL REPORT www.crowdstrike.com TWO THOUSAND FOURTEEN CROWDSTRIKE GLOBAL THREAT INTEL REPORT INTRODUCTION .........................................................................4 Table of KEY FINDINGS ............................................................................7 STATE OF THE UNION .............................................................9 Contents: NOTABLE ACTIVITY ............................................................... 13 Criminal ................................................................................ 13 State ...................................................................................... 19 Hacktivist/Nationalist ............................................................. 25 2014 Zero-Day Activity ........................................................... 34 Event-Driven Operations ......................................................... 39 KNOW THE ADVERSARY ....................................................49 Effect of Public Reporting on Adversary Activity ........................ 49 HURRICANE PANDA .................................................................50 GOTHIC PANDA ..........................................................................55 Overview of Russian Threat Actors ........................................... 57 2015 PREDICTIONS.................................................................61 CONCLUSION ........................................................................... 73 2 Introduction Intelligence
  • Ankura Cyber Threat Intelligence Bulletin

    Ankura Cyber Threat Intelligence Bulletin

    ANKURA CYBER THREAT INTELLIGENCE BULLETIN IRANIAN RETALIATORY OPTIONS & TACTICS, TECHNIQUES AND PROCEDURES (TTP) JANUARY 13, 2020 TABLE OF CONTENTS EXECUTIVE SUMMARY ................................................................................. 3 BACKGROUND .............................................................................................. 3 SUGGESTED RESPONSE ................................................................................ 5 SUGGESTED TACTICAL ACTIONS ................................................................... 5 APPENDIX A – IRANIAN THREAT GROUPS TRACKED BY CTAPT ..................... 6 Page 2 | 6 EXECUTIVE SUMMARY As a result of escalations in tensions in the Middle East, including the killing of Iran’s Quds Force leader and the recent cruise missile strike against Iraqi and US forces, Ankura’s Cyber Threat Analysis and Pursuit Team (CTAPT) assesses the likelihood of Iranian retaliatory actions in cyberspace as high. Iran’s history of carrying out destructive and disruptive cyber-attacks against the United States and its allies should serve as a forewarning to entities in the financial, critical infrastructure, and defense related industries. Furthermore, based upon reports that Iran-linked threat actors have begun targeting President Trump’s re-election efforts, CTAPT assesses that entities and individuals associated with President Trump’s 2020 campaign or the Republican party have a high likelihood of being targeted by sophisticated cyber espionage campaigns in the run-up to the November election.
  • Despite Infighting and Volatility, Iran Maintains Aggressive Cyber Operations Structure

    Despite Infighting and Volatility, Iran Maintains Aggressive Cyber Operations Structure

    CYBER THREAT ANALYSIS | Despite Infighting and Volatility, Iran Maintains Aggressive Cyber Operations Structure By Insikt Group® CTA-IR-2020-0409 CYBER THREAT ANALYSIS | IRAN Recorded Future’s Insikt Group® is conducting ongoing research on the organizations involved in Iran’s cyber program. This report serves to provide greater insight into the major military and intelligence bodies involved in Iran’s offensive cyber program. Although offensive cyber capabilities include domestic attacks, we researched those organizations with declared international missions. Due to the secretive nature of some organizations and lack of verifiable information, we incorporated competing hypotheses to adhere to industry analytic standards. For the purposes of this research, we investigated the Islamic Revolutionary Guard Corps (IRGC), including the Basij, as well as the Ministry of Intelligence and Security (MOIS), and the Ministry of Defense and Armed Force Logistics (MODAFL). Although the report suggests links between a select number of advanced persistent threat (APT) groups and certain intelligence organizations, we are unable to conclusively assign them to specific agencies due to gaps in information about each group. The sources for our research primarily include intelligence surfaced in the Recorded Future® Platform, industry research released by Symantec, FireEye, ClearSky, and PaloAlto, among others, and open source news reports. Executive Summary While the Iranian cyber program remains at the forefront of Tehran’s asymmetric capabilities, its intelligence apparatus is colored by various dysfunctions and seemingly destabilizing traits. In particular, the politicization of its various intelligence agencies and ensuing domestic feuds have reportedly polarized officer-level rank and file throughout the various security crises of the Islamic Republic.
  • WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks

    WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks

    REPORT WORLD WAR C : Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks Authors: Kenneth Geers, Darien Kindlund, Ned Moran, Rob Rachwald SECURITY REIMAGINED World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks CONTENTS Executive Summary ............................................................................................................................................................................................................................................................................................................... 3 Introduction ............................................................................................................................................................................................................................................................................................................................................... 4 A Word of Warning ................................................................................................................................................................................................................................................................................................................. 5 The FireEye Perspective ...........................................................................................................................................................................................................................................................................................
  • Iranian Cyber-Activities in the Context of Regional Rivalries and International Tensions

    Iranian Cyber-Activities in the Context of Regional Rivalries and International Tensions

    CSS CYBER DEFENSE PROJECT Hotspot Analysis: Iranian cyber-activities in the context of regional rivalries and international tensions Zürich, May 2019 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich Iranian cyber-activities in the context of regional rivalries and international tensions Authors: Marie Baezner © 2019 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group Myriam Dunn Cavelty, Deputy Head for Research and Teaching, Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie (2019): Hotspot Analysis: Iranian cyber-activities in context of regional rivalries and international tensions, May 2019, Center for Security Studies (CSS), ETH Zürich. 1 Iranian cyber-activities in the context of regional rivalries and international tensions Table of Contents 1 Introduction 4 2 Background and chronology 5 3 Description 9 3.1 Attribution and actors 9 Iranian APTs 9 Iranian patriotic hackers 11 Western actors 12 3.2 Targets 12 Iranian domestic targets 12 Middle East 12 Other targets 13 3.3 Tools and techniques 13 Distributed Denial of Service (DDoS) attacks 13 Fake personas, social engineering and spear phishing 13
  • Cyber Threat Data Model and Use Cases Final Report

    Cyber Threat Data Model and Use Cases Final Report

    CAN UNCLASSIFIED TA-35—Cyber Threat Data Model and Use Cases Final Report Dr. Antoine Lemay International Safety Research (ISR) Prepared by: ISR 38 Colonnade Road North Ottawa, Ontario Canada K2E 7J6 Contractor's document number: ISR Report 6099-01-03 Version 2.0 PSPC Contract Number: W7714-156105-T35 Technical Authority: Melanie Bernier, Defence Scientist Contractor's date of publication: September 2017 Defence Research and Development Canada Contract Report DRDC-RDDC-2017-C290 November 2017 CAN UNCLASSIFIED CAN UNCLASSIFIED IMPORTANT INFORMATIVE STATEMENTS The information contained herein is proprietary to Her Majesty and is provided to the recipient on the understanding that it will be used for information and evaluation purposes only. Any commercial use including use for manufacture is prohibited. Disclaimer: This document is not published by the Editorial Office of Defence Research and Development Canada, an agency of the Department of National Defence of Canada, but is to be catalogued in the Canadian Defence Information System (CANDIS), the national repository for Defence S&T documents. Her Majesty the Queen in Right of Canada (Department of National Defence) makes no representations or warranties, expressed or implied, of any kind whatsoever, and assumes no liability for the accuracy, reliability, completeness, currency or usefulness of any information, product, process or material included in this document. Nothing in this document should be interpreted as an endorsement for the specific use of any tool, technique or process examined in it. Any reliance on, or use of, any information, product, process or material included in this document is at the sole risk of the person so using it or relying on it.
  • WEBSITE SECURITY THREAT REPORT 2016 Contents

    WEBSITE SECURITY THREAT REPORT 2016 Contents

    FULL REPORT WEBSITE SECURITY THREAT REPORT 2016 Contents The Symantec™ Global Intelligence Network 03 • Simple but effective 34 • Web connected applications 36 WSTR introduction increasingly threatened Websites are still vulnerable to attacks leading 04 What’s in a botnet? 37 to malware and data breaches Malvertising 38 Comprehensive website security 04 Notable events in 2015 05 On the client side 39 Key takeaways 05 Smartphones and mobile devices 39 Moving to stronger authentication 06 • One phone per person 39 Reasons for hope 07 • Cross-over threats 39 • Android attacks become more stealthy 42 2015 in numbers • Android users under fire with phishing 42 The state of play 08 and ransomware Slipping through the cracks 09 • Apple iOS users now more at risk than ever 42 The insider threat 10 Protecting mobile devices 42 Money, money, money 10 Looking ahead 43 The underground economy and 14 Email and communications threats 43 law enforcement • Email abuse 43 • Business in the cyber shadows 14 • Spam 44 • Booming business 14 • Phishing 44 • They can run, but they can’t hide 14 • Email malware 44 • Reducing the risk 15 • Email encryption 46 • Bypassing encryption: 46 It’s not just about the device or the network – communications attacks Targeting the individual behind the computer • Email security advice 46 Trust no one 16 Looking ahead 46 Secrets and lies 17 Computers, cloud computing and IT infrastructure 47 Mistaken identity 18 • Cloud and virtualised systems 48 Put your money where your mouse is 18 • Cloud vulnerabilities 48 Chipping away
  • HAVELSAN Siber Güvenlik Bülteni

    HAVELSAN Siber Güvenlik Bülteni

    SİBER GÜVENLİK PANORAMA 2015 Türkiye adına her seviyede ders çıkarılacak siber güvenlik olayları HAVELSAN Aylık Siber Güvenlik Bülteni, Mart 2016 HAVELSAN, Türk Silahlı Kuvvetlerini Güçlendirme Vakfı’nın bir kuruluşudur. Siber Güvenlik Panorama 2015 TAKDİM 2015 yılında siber güvenlik ile ilgili büyüklü küçüklü çok sayıda siber saldırı meydana geldi. Bu saldırılardan bir kısmı gerek ülkemizde, gerekse dünyada ön plana çıkarken bazıları da bir kenarda unutuldu. Teknik kapsamlı olanlar da dâhil özellikle ülkemiz basın ve yayın organlarının, siber saldırıların genellikle sadece belirli türde olanlarına bilindik bir gözle baktığını ve aşina olunan söylemlerle aktardığını söylemek pek yanlış olmaz. Bu bakış açısıyla sunulan olayların, vatandaşa yönelik çoğunlukla yetersiz ve kısmen yanıltıcı tesirinin altını çizmek gerekmektedir. Ancak bunun da ötesinde, günlük haberler içinde sunulan siber uzaydaki olayların, ülkemizin çeşitli kamu ve özel iş kollarında çalışan kişiler ve özellikle karar mercilerinin siber saldırıların neler olabileceği ve ne gibi tesirlere yol açacağı konusunda sağlam bir fikir sahibi olmasına bir katkı sunmadığı açıktır. Son on yılda gittikçe çeşitlenen, artan ve çok büyük boyutlara ve kapsama erişen siber saldırıların doğru ve kapsamlı bir şekilde sunulması ile Türkiye’deki karar mercilerinin ve topyekûn ülkemizin değerli iş gücünün, çalıştığı kurumlarının ve kendilerinin ne gibi siber tehditlere maruz kalabileceği konusunda ışık tutulacağını düşünüyoruz. Bu bültende sunulan panorama ile gerçekleşen siber olaylardan haberdar
  • Iran and the Soft War for Internet Dominance

    Iran and the Soft War for Internet Dominance

    Iran and the Soft War for Internet Dominance Claudio Guarnieri & Collin Anderson1 Black Hat USA, August 2016 Table of Contents Introduction Campaigns and Actors Infy Cleaver (Ghambar) ​ ​ Rocket Kitten Sima End Note Acknowledgements Appendix Summary Over the past decade, the Islamic Republic of Iran has been targeted by continual intrusion campaigns from foreign actors that sought access to the country's nuclear facilities, economic infrastructure, military apparatus, and governmental institutions for the purpose of espionage and coercive diplomacy. Concomitantly, since the propagandic defacements of international communications platforms and political dissident sites conducted by an organization describing itself as the "Iranian Cyber Army" beginning in late 2009, Iranian actors have been attributed in campaigns of intrusions and disruptions of private companies, foreign government entities, domestic opposition, regional adversaries and international critics. While Iran maintains strong technical universities2 and an extraordinarily active defacement community,3 the country has not invested in its capacity for Internet­based espionage to the same degree as its traditional geopolitical rivals, and is less able to seek capabilities abroad from 1 Contact: Claudio ([email protected], PGP: 7359 D880) and Collin ([email protected], PGP: FAFB F2FA) 2 Sharif University of Technology for example is an internationally recognized engineering school. https://www.timeshighereducation.com/world­university­rankings/sharif­university­of­technology 3 Ashiyane Digital Security Team and other defacement groups have commonly held positions in the leaderboard of Zone­H and are attributed with thousands of defacements. http://www.zone­h.org/stats/notifierspecial Iran and the Soft War for Internet Dominance Guarnieri & Anderson companies such as Hacking Team or Finfisher due to its pariah status.